diff mbox series

net/mlx5: fix the get function of Rx queue type

Message ID 237a2d46d825dc33a75a8c5aee27ed5d99fb68d6.1573482597.git.dekelp@mellanox.com (mailing list archive)
State Accepted, archived
Delegated to: Raslan Darawsheh
Headers
Series net/mlx5: fix the get function of Rx queue type |

Checks

Context Check Description
ci/checkpatch success coding style OK
ci/iol-intel-Performance success Performance Testing PASS
ci/iol-compilation success Compile Testing PASS
ci/travis-robot success Travis build: passed
ci/iol-mellanox-Performance success Performance Testing PASS
ci/Intel-compilation success Compilation OK

Commit Message

Dekel Peled Nov. 11, 2019, 2:32 p.m. UTC 
  Function mlx5_rxq_get_type() uses the input queue index, without
checking it, as index to the Rx queues array.
If this value is too high, it will result in pointer to memory out
of Rx queues array bounds.

This patch adds check of the input queue index, to verify it is valid.

Fixes: 09775c04aace ("net/mlx5: split hairpin flows")
Cc: orika@mellanox.com

Signed-off-by: Dekel Peled <dekelp@mellanox.com>
---
 drivers/net/mlx5/mlx5_rxq.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Matan Azrad Nov. 12, 2019, 2:16 p.m. UTC | #1 
From: Dekel Peled
> Function mlx5_rxq_get_type() uses the input queue index, without checking
> it, as index to the Rx queues array.
> If this value is too high, it will result in pointer to memory out of Rx queues
> array bounds.
> 
> This patch adds check of the input queue index, to verify it is valid.
> 
> Fixes: 09775c04aace ("net/mlx5: split hairpin flows")
> Cc: orika@mellanox.com
> 
> Signed-off-by: Dekel Peled <dekelp@mellanox.com>
Acked-by: Matan Azrad <matan@mellanox.com>
Raslan Darawsheh Nov. 13, 2019, 11:39 a.m. UTC | #2 
Hi,

> -----Original Message-----
> From: dev <dev-bounces@dpdk.org> On Behalf Of Dekel Peled
> Sent: Monday, November 11, 2019 4:33 PM
> To: Matan Azrad <matan@mellanox.com>; Shahaf Shuler
> <shahafs@mellanox.com>; Slava Ovsiienko <viacheslavo@mellanox.com>
> Cc: Ori Kam <orika@mellanox.com>; dev@dpdk.org
> Subject: [dpdk-dev] [PATCH] net/mlx5: fix the get function of Rx queue type
> 
> Function mlx5_rxq_get_type() uses the input queue index, without
> checking it, as index to the Rx queues array.
> If this value is too high, it will result in pointer to memory out
> of Rx queues array bounds.
> 
> This patch adds check of the input queue index, to verify it is valid.
> 
> Fixes: 09775c04aace ("net/mlx5: split hairpin flows")
> Cc: orika@mellanox.com
> 
> Signed-off-by: Dekel Peled <dekelp@mellanox.com>
> ---
>  drivers/net/mlx5/mlx5_rxq.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/net/mlx5/mlx5_rxq.c b/drivers/net/mlx5/mlx5_rxq.c
> index 24d0eaa..f9b36ed 100644
> --- a/drivers/net/mlx5/mlx5_rxq.c
> +++ b/drivers/net/mlx5/mlx5_rxq.c
> @@ -2113,7 +2113,7 @@ enum mlx5_rxq_type
>  	struct mlx5_priv *priv = dev->data->dev_private;
>  	struct mlx5_rxq_ctrl *rxq_ctrl = NULL;
> 
> -	if ((*priv->rxqs)[idx]) {
> +	if (idx < priv->rxqs_n && (*priv->rxqs)[idx]) {
>  		rxq_ctrl = container_of((*priv->rxqs)[idx],
>  					struct mlx5_rxq_ctrl,
>  					rxq);
> --
> 1.8.3.1


Patch applied to next-net-mlx,

Kindest regards,
Raslan Darawsheh
diff mbox series

Patch

diff --git a/drivers/net/mlx5/mlx5_rxq.c b/drivers/net/mlx5/mlx5_rxq.c
index 24d0eaa..f9b36ed 100644
--- a/drivers/net/mlx5/mlx5_rxq.c
+++ b/drivers/net/mlx5/mlx5_rxq.c
@@ -2113,7 +2113,7 @@  enum mlx5_rxq_type
 	struct mlx5_priv *priv = dev->data->dev_private;
 	struct mlx5_rxq_ctrl *rxq_ctrl = NULL;
 
-	if ((*priv->rxqs)[idx]) {
+	if (idx < priv->rxqs_n && (*priv->rxqs)[idx]) {
 		rxq_ctrl = container_of((*priv->rxqs)[idx],
 					struct mlx5_rxq_ctrl,
 					rxq);